KeqingMoe/math
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化JWT解码逻辑,添加错误处理以防止空用户ID导致的权限拒绝

Browse Source
This commit is contained in:
keqingmoe 2024-12-31 01:44:29 +08:00
parent 394bcd83ba
commit 079dbeaf81
5 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/jwt/jwt.cpp
View File

@ -1,6 +1,8 @@
#include "jwt.h" #include "jwt.h"
#include <chrono> #include <chrono>
#include <print>
#include <jwt-cpp/jwt.h> #include <jwt-cpp/jwt.h>
@ -23,9 +25,13 @@ extern "C"
auto get_payload(const char* token) -> char* auto get_payload(const char* token) -> char*
{ {
try {
auto decoded_token = jwt::decode(token); auto decoded_token = jwt::decode(token);
auto payload = decoded_token.get_payload_claim("user_id").as_string(); auto payload = decoded_token.get_payload_claim("user_id").as_string();
return strdup(payload.c_str()); return strdup(payload.c_str());
} catch (...) {
return nullptr;
}
} }
auto verify_token(const char* token, const char* secret) -> int auto verify_token(const char* token, const char* secret) -> int

5
src/server/auth/delete.c
View File

@ -82,6 +82,11 @@ int user_delete_handler(mg_connection* conn, void* cbdata)
} }
char* user_id = get_payload(form.token); char* user_id = get_payload(form.token);
if (!user_id) {
res_permission_denied(conn);
delete_form_dtor(&form);
return 1;
}
if (form.user_id && strcmp(user_id, form.user_id)) { if (form.user_id && strcmp(user_id, form.user_id)) {
int perm1; int perm1;

5
src/server/auth/repasswd.c
View File

@ -150,6 +150,11 @@ int user_repasswd_handler(mg_connection* conn, void* cbdata)
} }
char* user_id = get_payload(form.token); char* user_id = get_payload(form.token);
if (!user_id) {
res_permission_denied(conn);
repasswd_form_dtor(&form);
return 1;
}
if (form.user_id && strcmp(user_id, form.user_id)) { if (form.user_id && strcmp(user_id, form.user_id)) {
impl_others(conn, user_id, &form); impl_others(conn, user_id, &form);

5
src/server/study/problems.c
View File

@ -255,6 +255,11 @@ int problems_handler(mg_connection* conn, void* cbdata)
res_need_token(conn); res_need_token(conn);
} else { } else {
char* user_id = get_payload(form.token); char* user_id = get_payload(form.token);
if (!user_id) {
res_permission_denied(conn);
problem_form_dtor(&form);
return 1;
}
int result; int result;
int flag = get_user_permission(user_id, &result); int flag = get_user_permission(user_id, &result);
if (!flag) { if (!flag) {

5
src/server/study/sets.c
View File

@ -204,6 +204,11 @@ int sets_handler(mg_connection* conn, void* cbdata)
res_need_token(conn); res_need_token(conn);
} else { } else {
char* user_id = get_payload(form.token); char* user_id = get_payload(form.token);
if (!user_id) {
res_permission_denied(conn);
set_form_dtor(&form);
return 1;
}
int result; int result;
int flag = get_user_permission(user_id, &result); int flag = get_user_permission(user_id, &result);
if (!flag) { if (!flag) {